Association for Computing Machinery
Timely Topics for IT Professionals

About ACM TechNews

ACM TechNews is published every week on Monday, Wednesday, and Friday.


ACM TechNews is intended as an objective news digest for busy IT Professionals. Views expressed are not necessarily those of either Thunderstone or ACM. To send comments, please write to technews@hq.acm.org.
Volume 7, Issue 828: Friday, August 12, 2005

  • "US Officials Go to Hackers' Convention to Recruit"
    Reuters (08/11/05); Sullivan, Andy

    The annual Defcon hacker conference illustrates the mutually beneficial relationship between hackers and the government, as almost 50 percent of the Defcon audience are federal employees. Leading federal officials attend the conference to recruit hackers for government work, cultivate sources, and keep abreast of new research. Some Defcon personnel double as staffers at government outfits such as the National Security Agency. Rumors are also flying that hackers are employed by the Pentagon to lay siege to foreign computer networks. The Internet and other leading-edge technologies hackers exploit could not have been developed without federal funding, while many hackers learn the basic rules of computer security during their stint in the military prior to private-sector employment. Many hackers claim network intrusions and other forms of mischief improve security in general by raising awareness of online threats. Long-time Defcon attendees say the relationship between feds and hackers has relaxed since the arrest of a Russian programmer who authored an e-book hack at the conference four years ago.

  • "New Energy Bill Has Cybersecurity Repercussions"
    Computerworld (08/11/05); Hoffman, Thomas

    President Bush signed a new bill into law this week that grants the Federal Energy Regulatory Commission (FERC) the authority to set up a national electric reliability entity that can monitor and review reliability standards, and the FERC's Ellen Vancko said her organization plans to adopt standards established by the North American Electric Reliability Council (NERC). For the past two years, the NERC has been developing cybersecurity standards encompassing a broad range of areas, including critical cyber asset security and staff screening and training requirements. Laurence Brown of Edison Electric Institute said the standards could go into effect next spring if they are approved by NERC members and the NERC board, which should give power companies ample time to create appropriate budgets and list their physical and cyber assets for audit by the FERC's new reliability group. He added that most large utilities and independent systems operators "are darn near fully compliant" with the NERC's 1200 cybersecurity standard as well as most of the new standards being drafted. "The most difficult issue is being able to demonstrate that you have looked at all of the areas that need to be tested and [are] doing the work," Brown commented. The proposed cybersecurity standards will also require power companies to subject employees to rigorous background checks, which may become the responsibility of IT security departments at certain companies. Bob Canada with Southern Co. noted that his company will need to list its cyber assets to comply with the new standards, which will entail "a significant effort" to deploy effective security controls for some of the company's facilities.

  • "DHS Head: Businesses Need to Focus on Cybersecurity"
    IDG News Service (08/11/05); Gross, Grant

    Speaking at the InfraGard National Conference on Aug. 10, Department of Homeland Security (DHS) Secretary Michael Chertoff urged businesses to devote more attention to cybersecurity, noting that the private sector needs more enticements to develop and/or enhance cybersecurity products; one such incentive would be to set up laws that protect businesses from product lawsuits. Chertoff said there is already sufficient motivation for private companies to fortify their infrastructures: "In today's threat environment, active security measures are critical to businesses themselves, because the cost of an attack will very, very greatly outweigh the cost of protection," he argued. The bulk of the U.S. critical infrastructure, as identified by the DHS, is computer-controlled, and private companies own most of that infrastructure. Chertoff said a "21st-century style of organization" where government agencies closely collaborate with private companies to secure national assets is needed. The DHS Secretary said his agency will study cybersecurity from all angles in the coming months as it recruits an assistant secretary for cybersecurity, and work to forge more private-sector alliances to shield cybersecurity. Furthermore, he promised that cybersecurity will be a key ingredient of a national infrastructure protection plan the DHS is devising. Chertoff's cybersecurity-oriented discussion at InfraGard stood out from past DHS initiatives, which have primarily concentrated on physical security. Microsoft's David Aucsmith made another InfraGard presentation in which he advised the IT industry to conduct more "threat-based" software development, as traditional bug testing does not account for hackers discovering unintended uses of software that lie at the heart of most security problems.

  • "Searching for Intelligence in Edinburgh"
    Register (UK) (08/10/05); Winterstein, Daniel

    Despite the many significant advances in artificial intelligence exhibited at Edinburgh's recent International Joint Conference in AI, the industry remains in its infancy, beset by seemingly unsolvable technical challenges. The Turkish scientist Zeynep Kiziltan received an award for her research solving the constraint satisfaction problem, which could lead to improvements in the automatic verification and design of hardware and software, while England's Geoff Hinton was recognized for his research on neural networks, which shed important light on efforts to model the brain. Much of the recent progress in the field is due to advances in statistics: New statistical methods are standing on more solid logic and have freed up access to vast amounts of raw data, particularly in the areas of genetics and bio-chemistry, leading to the emergence of bio-informatics. Most of the recent focus in AI has been on solving microcosmic technical problems, but Birmingham University's Aaron Sloman is embarking on a lofty project that seeks to combine the various competing strains of AI research. Sloman avoids overstating his project's ambition: "We assume that [human-like thinking] is far beyond the current state of the art and will remain so for many years," he says. "But we are asking important questions." The conference also showcased Sony's QRIO robots which, though undeniably cute, struggle to imitate human bipedal motion. Robots are a long way from duplicating the nuances of human experience, and find it much easier to function in an objective setting with stated rules, such as the game of chess, than in the real world of unforeseen intangible subtleties.

  • "Remote-Controlled Humans Enhance Immersive Games"
    New Scientist (08/10/05); Knight, Will

    One of the research projects highlighted at the recent 2005 SIGGRAPH conference was a Japanese initiative to control humans remotely, which NTT researcher Taero Maeda and colleagues say could be used to enhance the realism of computer games. The NTT scientists' method involves the remote stimulation of a person's vestibular system via electrodes, which causes the person to automatically veer left or right in order to correct a sensation of imbalance. The technique could be employed in a driving game, for instance, to make the player feel shifts in gravity as the car negotiates a sharp curve at high speed. "You could definitely use it to give the illusion of motion when going through some virtual environment," comments Boston University galvanic vestibular stimulation (GVS) expert James Collins. He notes, however, that the use of GVS as a virtual reality tool has already been patented by the Virtual Motion company in the United States. Furthermore, Brian Day with University College London's Institute of Neurology says there is evidence suggesting that prolonged use of vestibular stimulation at high current can damage tissues. "I would imagine that regulatory bodies would not allow GVS to be used in an uncontrolled way," he argues.

  • "Jerk-O-Meter Rates Phone Chatter"
    Associated Press (08/11/05)

    The Jerk-O-Meter is a software program for cell phones that can rate a speaker's level of engagement on a scale of 0 percent to 100 percent via analysis of speech patterns and voice tones. The software is being developed by MIT researchers under the direction of Anmol Madan, who envisions it as a tool for enhancing relationships. Alex Pentland with MIT's Media Lab sees the Jerk-O-Meter as part of the institute's effort to increase the "social awareness" of cell phones and other communication devices. The software currently monitors the user's end of the conversation, measuring levels of stress and empathy in the user's voice with mathematical algorithms, and keeping track of how frequently that person is talking. If such measurements indicate the user is getting bored or distracted, the Jerk-O-Meter causes a message to pop up on the phone advising the user to correct his behavior. Conversely, the Jerk-O-Meter could be used to rate the person on the other end of the line, notifying the tester when that person's attention is straying and asking if ending the conversation would be a good idea. The program was used to analyze 200 man-to-man and woman-to-woman phone conversations about topics chosen at random, and the study found that men were more interested in the subject of the conversation than women, who were more attuned to mood and the person they were talking to. The Jerk-O-Meter prototype runs in Linux on a phone connected to Voice over Internet service, and Madan expects the software to be sold as a downloadable product when it is completed in about half a year.

  • "Next Year's H-1B Visa Quota Almost Filled"
    Associated Press (08/09/05); Gamboa, Suzanne

    Immigration official Chris Bentley expects the H-1B visa cap to be reached about two months before the beginning of fiscal year 2006, according to a Monday announcement. As of Aug. 4 there were close to 52,000 applications for visas, with 22,383 visas granted and 29,556 pending. H-1Bs are granted to foreign workers in computer programming and other specialty professions, and the program requires employers to pay foreign employees the prevailing wage for their job fields as well as prove that qualified domestic workers are not being overlooked. The current annual H-1B visa cap stands at 65,000, and 6,800 visas are reserved for Chilean and Singaporean professionals. Employers, especially high-tech companies, claim the number of available H-1B visas is insufficient, while unions and other critics counter that the H-1B program lets businesses fill positions with cheaper labor. Bentley said he could not predict exactly when the H-1B cap would be reached because a ton of applications could be submitted on a single day or over the course of several days. About 50 percent of the H-1Bs available this year have been used by employers for workers with advanced degrees in math and science, while Congress approved an additional 20,000 visas for foreign holders of advanced degrees in those fields. The visas did not become available until May, but approximately 8,200 applications for those visas for fiscal 2006 have been granted or are pending.

  • "Envisioning a Wireless Future"
    CNet (08/10/05); Mock, David

    As Qualcomm recently celebrated its 20th anniversary by looking back at the state of wireless communications in 1985, David Mock, author of "The Qualcomm Equation," looks forward and imagines a world where communications are governed by hands-free devices and augmented reality. With the miniaturization of devices that can now be embedded in clothing or jewelry, tiny displays could be morphed with our innate vision, through a medium such as transparent LCD screens. Mock believes developers will come to realize that broadcasting communications is no longer a viable method for transmitting information, and that point-to-point communications will surmount the existing vulnerabilities of wireless signal transmission. With the advances in smart antennae still at the fringe of connectivity, Mock looks for spatial processing advances to increase the security, quality, and capacity of wireless communications. He also predicts that audio and visual information will be available without delay, and remains hopeful that identity verification could streamline labor-intensive processes such as airline screening and government services. The central challenge will be to reconcile our universal embrace of unprecedented connectivity with our historical insistence on personal privacy.

  • "Robotics: How to Have Fun and Learn a Lot Doing It"
    New London Day (CT) (08/10/05); Pearson, Dan

    Mysterious Robo Lab is a program that teaches children between 10 and 14 years of age how to build robots through teamwork while also introducing them to fundamental computer programming and physics. The project was conducted by Timothy Huff, an instructor with the Regional Access for Technology (RAFT) program of Southeastern Connecticut's regional education agency, LEARN. One of the goals of Mysterious Robo Lab is to get children interested in science and engineering. In a contest hosted by the Groton Public Library, students met four days a week for three weeks, building robot vehicles from Lego bricks and programming a wireless "brain" with up to eight commands that could be downloaded into and then performed by the device's memory. The robots then participated in a navigation competition at the library. Huff said it is an encouraging sign that more female students than male students enrolled in the program, because the Connecticut Department of Education has determined that girls' interest in science and engineering starts to wane when they enter middle school.
    (Registration [free] is required to access articles on TheDay.com that are one (1) day old to one (1) week. News articles written after one (1) week will require purchasing.)

  • "East Bay Lab's Problem Solver Tackles Terrorism"
    Inside Bay Area (CA) (08/08/05); Carter, Matt

    Edmond Chow is leader of the Complex Networks project at Lawrence Livermore National Laboratory's Center for Applied Scientific Computing, where he is helping the U.S. Department of Homeland Security mine massive databases of information as part of a counter-terrorism effort, among other things. Chow earned a 2002 Presidential Early Career Award for Scientists and Engineers for his work on simulations. He says the complexity of the problems he works on has increased, as has the power of the computers he uses to solve them; but understanding how to deconstruct a problem in order to tap the available computing power remains the central problem-solving methodology. Chow notes that a problem's increase in size "requires [disproportionately] more [computing] time and memory." When it comes to mapping out a complex problem, Chow reports that perhaps 75 percent of the work takes place before the first line of code is written. He demonstrated in his 1997 doctoral thesis for the University of Minnesota how computers could be employed to simulate real-life phenomena that involve millions of simultaneous equations, whereas nowadays simulations are not considered large unless they entail hundreds of millions of concurrent equations. Supercomputers are being used today to simulate weather and nuclear explosions, as well as extract information from databases that are too vast for people to mine.

  • "LinuxWorld SF: OSDL Announces Patent Commons Project"
    IDG News Service (08/10/05); Nystedt, Dan

    The Open Source Development Labs (OSDL) is concerned that software patents are having a detrimental effect on open-source collaboration, and mitigating that threat is the goal behind the Patent Commons initiative the organization announced on Aug. 9. The effort will involve the collection of software licenses and patents pledged to the open-source community within a single repository for developers. The Patent Commons will also serve to lower the threat of patent-related lawsuits and ease the administrative burden of approving individual licenses, thus encouraging more companies and individuals to contribute their intellectual property to the open-source community. Vendors who make such pledges are basically promising not to pursue litigation against developers or users. The Patent Commons also ensures patent holders that an organization committed to open-source software is looking after their patent enforcement rights. The project will initially concentrate on the development of a library and database to store software patents and patent licenses, in addition to patents pledged by companies. The OSDL said other legal items, such as indemnification programs offered by open-source software vendors, will also be aggregated.

  • "PluggedIn: Wireless Networks--Easy Hacker Pickings"
    Reuters (08/05/05); Sullivan, Andy

    Wireless networks are highly vulnerable to exploitation, so much so that hackers regularly compete to find open Wi-Fi connections. Mapping out wireless access points, a practice known as wardriving, is very popular, as demonstrated by wardriving contests hosted at the recent Defcon hacker conference. Inexpensive wireless routers let consumers surf the Web from home, while a Wi-Fi signal's radius of several hundred feet allows neighbors to access the Internet as well. Very few wireless hotspot owners avail themselves of encryption, password protection, and computer-specific network access features. Wardrivers say the WEP encryption standard employed by many access points is easy to break, while others blame manufacturers such as Linksys for failing to make security a default setting in their products because they are more interested in ease of use. Mike Wagner with Linksys claims new routers enable computers to securely link with other Linksys devices through the simple push of a button, but admits his company cannot ship its products with the security settings activated because most users will not go to the trouble of changing the default password. Numerous laws criminalize accessing computer networks without authorization, but few have been put to the test in court. Wardrivers claim not to approve of unauthorized network use, insisting that the goal of their activities is to raise awareness of wireless security's vulnerability among consumers and manufacturers in the hope of spurring them to make improvements.

  • "E-Voting Vendors Hit With New Rule"
    Associated Press (08/06/05); Coleman, Jennifer

    California Secretary of State Bruce McPherson recently announced a new rule requiring e-voting machine manufacturers to certify that their products comply with the federal Help America Vote Act (HAVA) to guarantee that voters will not end up with unreliable systems as technology and regulations change. The rule aims to protect California counties financially if they purchase products advertised as HAVA-compliant, only to discover they are not when the HAVA regulations are finalized in October. The HAVA guidelines will go into effect on Jan. 1, and McPherson said that deadline puts counties under a lot of pressure to select a system that satisfies the regulations. The law requires all polling places to have at least one handicapped-accessible voting system that lets disabled voters cast votes securely, while paper trails are also a requirement in California. Alfie Charles of Sequoia Voting Machines pointed to a lack of pre-clearance testing for HAVA compliance, noting that the new rule could become problematic for e-voting vendors if federal requirements change following the purchase of systems. The new rule announcement comes after McPherson's rejection of an application by Diebold's TSX e-voting machine, which suffered an unacceptable number of paper jams and screen freezes when tested by McPherson's office.

  • "IA Roadmap"
    Military Information Technology (08/05/05) Vol. 9, No. 5; Chisholm, Patrick

    The National Security Agency (NSA) is working on an information assurance (IA) roadmap for the Department of Defense's Global Information Grid (GIG) effort, with the protection of information throughout the entire grid being an overarching priority. Basic elements of the IA roadmap include the maintenance of availability in an end-to-end encrypted "black core" environment that cannot be forged or spoofed; identity and privilege management; dynamic access enforcement; identity- and privilege-based mediation of access between and among people, objects, and machines; assured information sharing; and foundational security management infrastructure. It is the responsibility of the NSA to specify information security standards and architectures for national security systems outlined in the GIG roadmap. The challenge is to shield the enterprise by providing the appropriate level of IA in the face of inconsistent levels of trust of users, IT components, and sensitivity of information and services. NSA IA director Daniel Wolf says the GIG's assured information sharing portion requires the Risk Adaptive Access Control model, which ensures that data can only be accessed by the right people by studying the user's identity, the user's location, and the data itself to assess what information can be accessed at that point in time. "It means there will be much more emphasis in determining the identity of the person logging on to his or her computer, establishing their credentials and what kind of restrictions, if any, they have in accessing the data," Wolf says. A key part of the IA roadmap is assurance that security is designed into networks at the outset, and the NSA has forged alliances with the DoD, Homeland Security, industry, and academia to advance and strengthen adherence to GIG principles in those various sectors. "It becomes very important that...we have a common set of high principles in terms of IA policies and architectures," Wolf concludes.

  • "Professor Develops Software to Help Grade Essays"
    Chronicle of Higher Education (08/05/05) Vol. 51, No. 48, P. A29; Carnevale, Dan

    Qualrus is a computer program developed by University of Missouri at Columbia sociology professor Ed Brent that can grade students' essays and provide feedback on how their work can be improved. The software searches for key words and terms to assess how well the paper covers the assigned topic, and Brent says the program can identify logical flow and reasoned arguments by studying the relationship between the terms. Qualrus matches the essays against a checklist of terms and concepts supplied by the professor to see if those elements are comprehensively presented, evaluating the semantics and determining how well the writer understands the topic; mistakes or omissions are flagged so the author can correct those errors in subsequent drafts. The software's development was partly funded by a $100,000 National Science Foundation grant, and Brent says the program can also draw comparisons between papers to look for signs of plagiarism. He claims the program improves student learning while easing the grading process for teachers, allowing them to concentrate on each paper's overall quality instead of painstakingly counting terms and concepts. Martha Townsend, director of the University of Missouri's Campus Writing Program, envisions Brent's software as a tool for improving interactions between students and instructors in essay grading. Brent says an upgraded, more versatile version of Qualrus called SAGrader will be ready in the autumn. Whereas Qualrus is only programmed to follow assignment guidelines for sociology, SAGrader will be able to accommodate a broad spectrum of subjects, according to the professor.
    (Access to this article is available to paid subscribers only.)

  • "Looking Back to See the Future"
    HPC Wire (08/05/05); Curns, Tim

    Through a partnership with Stanford University and NASA, Silicon Graphics has developed a sophisticated, high-resolution digital imaging simulation. At a recent press conference, scientists displayed 60,000 two-dimensional images of a 2,000-year-old mummy that form composite three-dimensional models. The Stanford Radiology scans yielded 92 GB of data, almost 35 times more information than had been generated in the modeling of King Tutankhamen, with considerably more clarity and detail. The project enlisted a team of dentists and oral surgeons to help model the dental patterns of the girl, who is believed to have been four or five when she died; Paul Brown, one of the consulting dentists, believes that the visualization technology employed in the mummy imaging holds considerable potential for the future of medical, dental, and orthodontic operations. Although offering exciting possibilities for enhancing the experience of museum patrons through 3D flythroughs, SGI's system also expands the volume of data with which researchers can interact. Volume Graphics' real-time ray tracing tool yields high-resolution clarity scans with no harm to the fragile subject material. The most advanced scanners, such as the Siemens model used in the San Jose museum project, unlock the vast troves of data when coupled with next-generation visualization technologies; these advances bring the mummies to life, said SGI's Afshad Mistri, adding that "seeing them projected on a large, immersive screen makes their impact even greater." One NASA scientist intimated that there may be a project forthcoming to scan all of the mummies collected in the Giza Pyramids Excavation in Egypt.

  • "The 'Terrorism' Information Awareness Initiative"
    MC Press Online (08/01/05); Peters, Chris

    Evergreen Interactive Systems President and author Chris Peters writes that the U.S. government's attempt to prevent terrorism through the Information Awareness Office's Terrorism Information Awareness (TIA) initiative is fraught with controversy, particularly in its ambition to identify suspected terrorists and other criminals by mining public and private databases of information such as credit card bills, shopping transactions, immigration records, and tax data. Concurrent with this are deployments to identify terrorists by physical attributes through a combination of pattern recognition and surveillance technologies. The plan is to build terrorist profiles and match them against individuals in an effort to identify probable offenders and apprehend them before they can commit acts of terrorism, and the Defense Advanced Research Projects Agency (DARPA) insists that the data, which is already accessible to businesses, would not be released to others. This has not assuaged opponents, who say innocent people could be mistaken for lawbreakers through data errors such as misspelled names. Not only could such misidentification damage a law-abiding citizen's reputation, but the government would probably have no obligation to correct such errors. Peters says applying imperatives of ethical and professional conduct such as those outlined by the ACM to TIA is difficult, given the potential for both false positives and false negatives; but he acknowledges that critics may be failing to see the forest for the trees if one reasons that the common good outweighs individual rights. However, such an argument creates a dilemma for computer professionals if their accepted code of ethics conflicts with their employers' goals. Peters concludes that limitations must be set at some point if such abuses are to be curbed, either in business or government.

    For more on ACM's activities involving TIA, visit http://www.acm.org/usacm.

  • "The Interplanetary Internet"
    IEEE Spectrum (08/05) Vol. 42, No. 8, P. 30; Jackson, Joab

    Ambitious plans for future space exploration cannot be realized without an effective communications network to link Earth with its far-flung explorers, and all of NASA is in agreement that the ideal scheme would be an Internet that spans between planets. But the space agency is split over how this can be achieved: One research group supports the use of existing Internet software and Internet protocols, while the other says wirelessly communicating across vast distances with such tools is a practical impossibility. Both groups looked for ways to address the two biggest obstacles of interplanetary communications--delays caused by distance and the handing-off problems associated with the need to go through multiple ground stations. The first group engineered a demo of the space IP network concept on the ill-fated Columbia's last flight, in which a file was transferred between the Goddard Space Flight Center and the shuttle across a distance of about 600 kilometers. But a team of scientists at the Jet Propulsion Laboratory (JPL) also worked on the problem, only to find that TCP could not be successfully modified for space travel. Their alternative solution is Delay Tolerant Networking (DTN), an architecture that moves data across networks by using routers that retain a copy of every packet of data sent at least until the next node in the network acknowledges receipt, thus guaranteeing that no data is lost even if a node is offline. This scheme not only ensures that data reaches its destination, but it can improve robot explorers' efficiency by requiring them to hang onto data only until it is received by the first node. The Goddard group's concern is that a DTN model would be more costly and less capable because it eschews reusable, commercially developed Internet hardware and software.